<?php
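	// Password-change handler: validates the submitted new password, stores its
	// hash for the logged-in user and redirects back to account.php with a
	// status message in the "updateMessage" cookie.
	//
	// NOTE(review): this handler asks for neither the current password nor a
	// CSRF token. Both checks need a matching change in the form that posts
	// here (not visible in this file), so they are flagged rather than added.
	// NOTE(review): the status message travels in a cookie, which the browser
	// can alter; the page that displays it should HTML-escape it — confirm.
	session_start();

	$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
	$username = isset($_SESSION['user']) ? $_SESSION['user'] : null;

	// Without an authenticated session the UPDATE would run against an empty
	// USERID and still report success, so stop here.
	if ($userid === null || $userid === '' || $username === null || $username === '')
	{
		setcookie("updateMessage", "You must be logged in to change your password!");
		header('Location: account.php');
		exit;
	}

	// Missing or non-string fields (e.g. newPassword[]=x) are treated as empty.
	$rawPassword = (isset($_POST['newPassword']) && is_string($_POST['newPassword'])) ? $_POST['newPassword'] : '';
	$rawConfirm = (isset($_POST['confirmPassword']) && is_string($_POST['confirmPassword'])) ? $_POST['confirmPassword'] : '';

	// addslashes() is not what protects the query (bind variables do that). It
	// is kept because it changes the bytes that get hashed; presumably the
	// login check hashes the same escaped form — confirm before removing it.
	$password = addslashes($rawPassword);
	$confirmPassword = addslashes($rawConfirm);

	// Strict comparison: with ==/!= two different numeric-looking strings
	// (e.g. "1e3" and "1000") compare equal, so a mistyped confirmation passed.
	if ($password === "" || $confirmPassword === "" || $password !== $confirmPassword)
	{
		$message = "You must fill out the form, and correctly confirm the new password!";
		setcookie("updateMessage", $message);
		header('Location: account.php');
		exit;
	}

	// Stored format is sha1(sha1(password) . username), unchanged so existing
	// logins keep working.
	// NOTE(review): SHA-1 is a fast hash and unsuitable for password storage;
	// moving to password_hash()/password_verify() requires changing the login
	// code and migrating stored values, neither of which is visible here.
	$password = sha1(sha1($password) . $username);

	// std_dbs.php is expected to define $connect (the OCI8 connection) — confirm.
	include('std_dbs.php');

	// Bind variables keep the session value and the hash out of the SQL text.
	$query = "UPDATE AUTHENTICATE SET PASSWORD = :pw WHERE USERID = :userid";
	$stid = oci_parse($connect, $query);
	$r = false;

	if ($stid)
	{
		oci_bind_by_name($stid, ':pw', $password);
		oci_bind_by_name($stid, ':userid', $userid);
		$r = oci_execute($stid);
	}

	if (!$r)
	{
		// Parse errors are reported on the connection, execute errors on the statement.
		$e = $stid ? oci_error($stid) : oci_error($connect);
		// Log server-side only. Printing the Oracle error and SQL text exposed
		// schema details to the browser and, by sending output before the
		// headers, prevented the cookie and redirect below from being sent.
		error_log("Password update failed: " . (is_array($e) ? $e['message'] : 'unknown OCI error'));
		$message = "There was an error while updating your password!";
	}
	else
	{
		// oci_commit() takes the connection, not the statement handle.
		// oci_execute() already commits in its default mode, so this is a
		// harmless explicit commit.
		oci_commit($connect);
		$message = "The password has been reset!";
	}

	setcookie("updateMessage", $message);
	header('Location: account.php');
	exit;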
?>
